Data Security under the Batch Facility

After each job, the CMS batch facility loads (by IPL) itself destroying all nucleus data and work areas. All disks where links were established (using a CP LINK in the job stream) during the previous job are detached.

At the beginning of each job, the batch facility work disk is accessed and then immediately erased preventing the current user job from accessing files that might remain from the previous job. Because of this, execution of the PROFILE EXEC is disabled for the CMS batch facility machine. You may, however, create an exec procedure called BATPROF EXEC and store it on any system disk to be used instead of the ordinary PROFILE EXEC. The batch facility then executes this exec at each job initialization time.

To prevent the CMSBATCH machine from being able to reroute the output of jobs submitted by previous users, use of the CP TRANSFER command by the CMSBATCH machine should be restricted. To do this, you should redefine the privilege class of the CMSBATCH machine to a privilege class other than class G. The assigned class should allow the use of all of the general user commands except the TRANSFER command.